[atutor.git] / docs / mods / _core / users / admins / create.php
1 <?php\r
2 /****************************************************************************/\r
3 /* ATutor                                                                                                                                       */\r
4 /****************************************************************************/\r
5 /* Copyright (c) 2002-2010                                                  */\r
6 /* Inclusive Design Institute                                               */\r
7 /* http://atutor.ca                                                                                                                     */\r
8 /*                                                                                                                                                      */\r
9 /* This program is free software. You can redistribute it and/or                        */\r
10 /* modify it under the terms of the GNU General Public License                          */\r
11 /* as published by the Free Software Foundation.                                                        */\r
12 /****************************************************************************/\r
13 // $Id$\r
14 \r
// Relative path from this script to the shared include directory.
define('AT_INCLUDE_PATH', '../../../../include/');

// Bootstrap file; everything below relies on names it is expected to provide
// ($msg, $db, $addslashes, _AT(), ...) -- none of them are defined in this script.
require AT_INCLUDE_PATH . 'vitals.inc.php';

// Access gate: this page asks for the AT_ADMIN_PRIV_ADMIN privilege.
// NOTE(review): admin_authenticate() is defined elsewhere; presumably it ends the
// request for callers without the privilege -- confirm, since nothing below re-checks it.
admin_authenticate(AT_ADMIN_PRIV_ADMIN);
18 \r
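/*
 * POST handler for the "create administrator" form.
 *
 *  - 'cancel' : queue a feedback message and redirect to index.php.
 *  - 'submit' : validate login, password, e-mail and privileges; when no error
 *               was recorded, insert the row into the admins table, write a log
 *               entry with the password masked, and redirect to index.php.
 *               Otherwise fall through so the form is shown again.
 *
 * NOTE(review): no anti-CSRF token is checked in this script; confirm that
 * vitals.inc.php or the form template enforces one, because this request
 * creates a privileged account.
 */
if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: index.php');
	exit;
} else if (isset($_POST['submit'])) {
	$missing_fields = array();

	// Read every field once; a missing or non-string value (e.g. "login[]=x")
	// is treated as empty instead of reaching preg_match() or a query.
	$login          = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
	$real_name      = (isset($_POST['real_name']) && is_string($_POST['real_name'])) ? $_POST['real_name'] : '';
	$email          = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
	$password_error = (isset($_POST['password_error']) && is_string($_POST['password_error'])) ? $_POST['password_error'] : '';
	$password_hash  = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden'])) ? $_POST['form_password_hidden'] : '';

	/* login validation */
	if ($login == '') {
		$missing_fields[] = _AT('login_name');
	} else if (!preg_match('/^[a-zA-Z0-9_]+$/D', $login)) {
		// The D modifier makes "$" match only at the very end of the string;
		// without it a value with a trailing newline passes the check.
		$msg->addError('LOGIN_CHARS');
	} else {
		// $login now holds only [a-zA-Z0-9_], so it cannot break out of the
		// quoted SQL literal. The name must be unused in both account tables.
		foreach (array('members', 'admins') as $table) {
			$result = mysql_query("SELECT * FROM ".TABLE_PREFIX.$table." WHERE login='$login'", $db);
			if ($result && mysql_num_rows($result) != 0) {
				$msg->addError('LOGIN_EXISTS');
			}
		}
	}

	/* password check: the browser validates the password in JavaScript and
	   reports any problems as a comma-separated list in password_error */
	if ($password_error <> "") {
		// NOTE(review): these codes come from the client and are passed to
		// addError() unchanged; confirm addError() tolerates unknown codes.
		foreach (explode(",", $password_error) as $pwd_error) {
			if ($pwd_error == "missing_password") {
				$missing_fields[] = _AT('password');
			} else {
				$msg->addError($pwd_error);
			}
		}
	}

	/* email validation */
	if ($email == '') {
		$missing_fields[] = _AT('email');
	} else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/Di", $email)) {
		$msg->addError('EMAIL_INVALID');
	} else {
		// The uniqueness lookup runs only for an address that passed the
		// whitelist above, so no quote or backslash can reach the query.
		// NOTE(review): "_" is allowed in addresses and is a LIKE wildcard, so
		// this can report EMAIL_EXISTS for a merely similar address.
		$result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$email'", $db);
		if ($result && mysql_num_rows($result) != 0) {
			$valid = 'no';
			$msg->addError('EMAIL_EXISTS');
		}
	}

	$priv = 0;
	if (isset($_POST['priv_admin'])) {
		// overrides all above.
		$priv = AT_ADMIN_PRIV_ADMIN;
	} else if (isset($_POST['privs']) && is_array($_POST['privs'])) {
		// NOTE(review): values are summed as submitted; if privileges are bit
		// flags, a repeated value adds up to a different flag -- consider
		// masking against the list of privileges actually offered.
		foreach ($_POST['privs'] as $value) {
			$priv += intval($value);
		}
	}
	$_POST['privs'] = $priv;

	// Server-side backstop for the client-side password check: the form fills
	// form_password_hidden with hex_sha1(), i.e. exactly 40 hex digits. Anything
	// else must never be stored. It is reported as a missing password, and only
	// when nothing else has been reported, to avoid a redundant message.
	if (!preg_match('/^[a-f0-9]{40}$/Di', $password_hash) && !$missing_fields && !$msg->containsErrors()) {
		$missing_fields[] = _AT('password');
	}

	if ($missing_fields) {
		$missing_fields = implode(', ', $missing_fields);
		$msg->addError(array('EMPTY_FIELDS', $missing_fields));
	}

	if (!$msg->containsErrors()) {
		$_POST['login']     = $addslashes($login);
		$password           = $addslashes($password_hash);
		$_POST['real_name'] = $addslashes($real_name);
		$_POST['email']     = $addslashes($email);

		$admin_lang = $_config['default_language'];

		// One statement template, rendered twice: once with the real password
		// value for execution and once masked for the admin log.
		// NOTE(review): the stored value is the unsalted SHA-1 computed by the
		// browser; a salted server-side hash would be the stronger design.
		$sql_template = "INSERT INTO %sadmins
		                 (login,
		                  password,
		                  real_name,
		                  email,
		                  language,
		                  `privileges`,
		                  last_login)
		          VALUES ('%s',
		                  '%s',
		                  '%s',
		                  '%s',
		                  '%s',
		                  %d,
		                  0)";

		$sql = sprintf($sql_template, TABLE_PREFIX, $_POST['login'], $password,
		               $_POST['real_name'], $_POST['email'], $admin_lang, $priv);
		$result = mysql_query($sql, $db);
		if (!$result) {
			// Keep driver details in the server log instead of the response.
			error_log('admin create: INSERT failed: ' . mysql_error($db));
			die('Database error.');
		}

		$sql = sprintf($sql_template, TABLE_PREFIX, $_POST['login'], '********',
		               $_POST['real_name'], $_POST['email'], $admin_lang, $priv);

		write_to_log(AT_ADMIN_LOG_INSERT, 'admins', mysql_affected_rows($db), $sql);

		$msg->addFeedback('ADMIN_CREATED');
		header('Location: index.php');
		exit;
	}

	// Validation failed: hand the submitted values back for redisplay.
	$_POST['login']     = $stripslashes($login);
	$_POST['real_name'] = $stripslashes($real_name);
	$_POST['email']     = $stripslashes($email);
}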
139 \r
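// JavaScript run on page load: put the cursor in the login field.
$onload = 'document.form.login.focus();';
require(AT_INCLUDE_PATH.'header.inc.php');

// Enabled modules and their keys, handed to the template further down.
$module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
$keys = array_keys($module_list);
?>

<!-- Loaded once (the page previously included it twice). Presumably provides
     hex_sha1(), which encrypt_password() calls; confirm against the script. -->
<script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>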
152 \r
153 <script type="text/javascript">\r
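/**
 * Form submit hook: validates the two password fields and replaces the typed
 * password with its SHA-1 hex digest before the form is sent.
 *
 * On a validation problem the error code(s) returned by verify_password() are
 * placed in the hidden password_error field and the function returns nothing
 * (as before), so the server can report them. On success it returns true, or
 * the result of a confirm() dialog when the "priv_admin" box is ticked.
 *
 * The plain-text fields are cleared on both paths, so the typed password is
 * not part of the request even when validation fails; the server-side handler
 * for this form reads only password_error and form_password_hidden.
 */
function encrypt_password()
{
	var form = document.form;

	form.password_error.value = "";

	// "var" keeps err local; it used to leak into the global scope.
	var err = verify_password(form.password.value, form.confirm_password.value);
	var hasError = err.length > 0;

	if (hasError)
	{
		form.password_error.value = err;
	}
	else
	{
		form.form_password_hidden.value = hex_sha1(form.password.value);
	}

	form.password.value = "";
	form.confirm_password.value = "";

	if (hasError)
	{
		return;
	}

	if (form.priv_admin.checked == true)
	{
		// json_encode() emits a correctly quoted JavaScript string literal, so
		// an apostrophe or line break in the translated text cannot end the
		// string early.
		return confirm(<?php echo json_encode(_AT('confirm_admin_create')); ?>);
	}

	return true;
}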
179 </script>\r
180 \r
181 <?php \r
// Pass the module data to the template, render the form, then close the page.
$savant->assign('module_list', $module_list);
$savant->assign('keys', $keys);
$savant->display('admin/users/create.tmpl.php');

require AT_INCLUDE_PATH . 'footer.inc.php';
?>